5 minute read time

Go Password-Less or Use MFA With Your Existing Authentication

by Micro Focus Employee in CyberRes

Password attacks are on the rise because password themselves are vulnerable if they are not managed well. The end user experience on using passwords for authentication is still distributed, where tech savvy personas are showing inclination towards password-less approaches and evaluating robust authentication options including Biometrics, TOTP, FIDO 2.0 Approaches. In the meantime, legacy customers and application users love and or are bound to use the old authentication mechanism with passwords due to the nature of the application but, due to the rising risks, are interested to add an extra layer of security in the form of multi-factor authentication (MFA).

Market Study and Reports

Data Breach Investigations Report

Source: DBIR

The 2022 Data Breach Investigations Report (DBIR) by Verizon gleans vital cybersecurity insights from the analysis of over 23,000 incidents and 5,200 confirmed breaches from around the world. Here is a sample:

  • 93% of the passwords used in brute force attacks include 8 or more characters
  • 54% of organizations do not have a tool to manage work passwords
  • 48% of organizations do not have user verification in place for calls to the IT service desk
  • 41% of the passwords used in real attacks are 12 characters or longer
  • 42% of seasonal passwords contained the word “summer
  • 68% of passwords used in real attacks include at least two-character types and many more.

Even after these issues, it is very difficult to adapt and adhere to a new experience. The Authentication experience matters a lot!!

The right authentication experience should give you a proper balance on the following factors; Convenience and Risk. Which means, it should give you a friendly experience to use it simultaneously it should be capable to handle the open risks.

What is the right authentication experience

Open problems statements directly or indirectly related to passwords

There are numerous problems associated with passwords directly or indirectly. Here, are some open questions and concerns from the top business personas from organizations.

  1. Expenses around Helpdesk services dedicated to Reset passwords.
  2. Cannot move away from password-based authentication due to the tightly-coupled nature of product/application but need to introduce MFA for all enterprise and cloud applications as an extra layer of security without tempering the existing experience.
  3. Difficult to manage /learn/remember passwords and rotate after every 30/60/90 day.
  4. Running through a lot of Legacy applications, most of them are non-federated applications. In the meantime, we need to stay complaint to COBIT, SOX and ISO 27001. Need a solution to add MFA to these applications.
  5. Need a solution which is free from frequent  attacks like Brute force, Phishing, Key logging and Man-in-the middle-attacks.
  6. Need a single solution which could help me to decide where I need password and MFA-based authentication and where I need password-less authentication based on the user’s convenience. 

Strategy to solve these pain points and problems

Organizations are adapting solutions which meet their business requirements with the least complexity of integration and that is completely fair. All methods of advanced authentication (Extra layer of authentication apart from password) are honoured equally until it solves the associated security risks. Most used methods of MFA along with password include Hardware Tokens, TOTP, OOBA, Proximity/Standard Card based Authentication, Pin Pad Reader, SMS OTP, FIDO U2F Key, Fingerprint(Biometrics) etc.

MFA along with password

Also, organizations prefer direct password-less approaches which solves the password related risks and security threats and make them agile. This also cuts their heavy expense on help desk operations. Most used password-less approaches includes the above-mentioned techniques and includes more latest technologies like Touch ID, Windows Hello, FIDO 2.0, YUBIKEY, TOTP, Bank ID, HANIS fingerprint, flex OTP, Swisscom Mobile ID, and U2F.

Is One Solution Enough?

There are many products and solutions in the market, which claim that they solve this issue. But, when you look deeper, you will find that there are dozens of pointed solutions. But, in the meantime there are very few solutions which give you convenience to define your authentication experience through a single product. This is also evident that organizations end up buying multiple products and licenses to have this consolidated experience backed by painful integrations.

How to Utilize CyberRes Capabilities to Address these concerns

CyberRes is a cybersecurity solution portfolio from Micro Focus, which brings an exquisite platter of Security products dealing with Application Security, Data Privacy and Protection, Identity and Access Management, Security Operations, and Artificial Intelligence.

Under Identity and Access Management Portfolio, we offer you a solution: NetIQ Advanced Authentication Framework (AAF). This solution is available on-premises as well as on cloud.

NetIQ AAF is one central Multi-Factor Authentication solution for everything!

Avoid having multiple two-factor authentication solutions in your organization. Have one central place to support multiple and different authentication methods to support all business demands and reduce risk.

Key functionality of NetIQ Advanced Authentication Framework

  • One authentication for everything
  • Available product support for Mobile, Desktop, Web and , SaaS
  • All leading methods supported ( A view from the product shown above)
  • Centralized policy engine
  • Multi-Site support
  • Multi-tenant support
  • Risk Service Integration

Additional Benefits with intra-portfolio Product Integrations

This also empowers you to configure Risk-based/Adaptive authentication based on your business policies and brings you under zero trust umbrella as it offers a very simple integration with NetIQ Access Manager.

Advanced Authentication Framework also provides easier and hassle-free integration with SecureLogin which enables you to configure robust MFA on top of your legacy desktop / thick-client Applications.

So, are you ready for this user-friendly experience? Visit our exclusive demo on Advanced Authentication Use cases in SaaS on the NetIQ Unplugged Channel. 

Connect With Us: 

Join our Community. Have technical questions about NetIQ Advanced Authentication? Visit the NetIQ Advanced Authentication User Discussion Forum. Keep up with the latest Tips & Info about Advanced Authentication Do you have an Idea or Product Enhancement Request about Privileged Account Manager? Submit it in the NetIQ Advanced Authentication Idea Exchange. Remember to check out NetIQ Unplugged on YouTube for additional video content. We’d love to hear your thoughts on this blog. Log in or register to comment below.

Labels:

Identity & Access Mgmt